{
  flake.nixosModules.wireguard-client = {
    config,
    lib,
    ...
  }: let
    cfg = config.hive.wg.client;
    peers = import ./_peers.nix {inherit lib;};
  in {
    options.hive.wg.client = {
      autoConnect = lib.mkOption {
        type = lib.types.bool;
        default = false;
        description = "Automatically connect to the WireGuard server with systemd";
      };
      peer = lib.mkOption {
        type = lib.types.singleLineStr;
        example = "comfy-station";
        description = "The name of the peer defined in peers.nix to incarnate";
      };
      privateKeyFile = lib.mkOption {
        type = lib.types.path;
        description = "Path to the private key file for the WireGuard client";
      };
    };

    config = {
      networking.wg-quick.interfaces.wg0 = {
        address = peers.clientAddress cfg.peer;
        inherit (cfg) privateKeyFile;
        autostart = cfg.autoConnect;
        peers = peers.forClient cfg.peer;
      };
    };
  };
}